<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="http://blogs.technet.com/utility/FeedStylesheets/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/"><channel><title>"Using a Least-Privileged User Account" OR "Woohoo, I've been published on microsoft.com!"</title><link>http://blogs.technet.com/strawberryjamm/archive/2005/01/18/355654.aspx</link><description>An article I wrote, "Using a Least-Privileged User Account (LUA)", was published on TechNet as part of the monthly Microsoft Security Newsletter for January 2005. It takes a brief look at a few of the key issues around the principle of "least-privilege"</description><dc:language>en-CA</dc:language><generator>CommunityServer 2.1 SP1 (Build: 61025.2)</generator><item><title>re: "Using a Least-Privileged User Account" OR "Woohoo, I've been published on microsoft.com!"</title><link>http://blogs.technet.com/strawberryjamm/archive/2005/01/18/355654.aspx#356336</link><pubDate>Wed, 19 Jan 2005 21:27:00 GMT</pubDate><guid isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:356336</guid><dc:creator>Will</dc:creator><description>My company has a software product that's running on kiosk-type equipment out in the field during its beta testing.  These are XP machines, and the program is run under a user who is a member of the Power Users group (we did that because of some of the system access it required).  We just found that one of the units had gotten infected with a virus that's working its way through the network of the location where the unit was installed.
We're not sure which virus it is, but I was surprised by the amount of damage that could be done to an operating system by a power user.</description></item><item><title>re: "Using a Least-Privileged User Account" OR "Woohoo, I've been published on microsoft.com!"</title><link>http://blogs.technet.com/strawberryjamm/archive/2005/01/18/355654.aspx#360558</link><pubDate>Wed, 26 Jan 2005 01:50:00 GMT</pubDate><guid isPermaLink="false">d5e57398-b9ef-4490-9955-07cbb4e4a80d:360558</guid><dc:creator>Jenni Merrifield (strawberryJAMM)</dc:creator><description>Will:&lt;br&gt;&lt;br&gt;  You're absolutely right, the Power User group has far too many rights to be that useful from a security restriction point of view.  It's also childishly easy for bad code to elevate to Admin from an account with Power User rights.&lt;br&gt;&lt;br&gt;  Over here, we generally suggest that you forget Power User even exists because it just gives you a false sense of security.  Either use Admin or User, and if you don't need to be Admin but you do need more than a traditional User, start with User rights and then add just the permissions that the process actually needs.</description></item></channel></rss>